Information processing apparatus and information processing method

ABSTRACT

An information processing apparatus having a security server and a reader/writer includes a demodulator of the reader/writer for reading information from an RFID tag, a modulator of the reader/writer for writing information into the RFID tag and also writing area information indicating whether the RFID tag exists in a secret area, a memory for storing the information read from the RFID tag by the demodulator and the information written into the RFID tag by the modulator, and a controller for controlling the demodulator and the modulator. When the area information read from the RFID tag by the demodulator indicates that the RFID tag exists in a predetermined area, the controller precludes from reading predetermined information stored in the RFID tag, and controls the modulator so as to write the area information indicating that the RFID tag does not exist in the predetermined area.

TECHNICAL FIELD

The present invention relates to an information processing apparatus and an information processing method.

BACKGROUND ART

Conventionally, a security system which administrates entrance/exit of persons to/from a room (i.e., a predetermined area) by authenticating them with use of portable storage media such as magnetic cards or the like has been brought to realization (e.g., Japanese Patent Application Laid-Open No. 11-303478).

Incidentally, in case of using the portable storage medium such as a non-contact IC memory (e.g., an RFID (Radio Frequency IDentification) memory) or the like, it is thought that the function to read information from the portable storage medium is provided in an MFP (Multi Functional Printer). In this case, it is thought that the MFP reads job information to be executed by the MFP from the portable storage medium and then actually executes a job in response to the read job information. Incidentally, as an example of executing the job, there is a print process of printing an image on paper based on image data.

In such use as described above, when the portable storage medium is brought out from the room (predetermined area) where entrance and exit of persons are administrated (for example, when the portable storage medium is brought out from a company, a department or the like) in the state that the information (e.g., internal consumption data, privileged data or the like) to be concealed (this information is also called secret information) has been retained in the portable storage medium, there is a possibility that a problem occurs. For example, if the portable storage medium is lost, there is a fear that the secret information stored in the lost portable storage medium is maliciously read by a third person. In this case, there is a possibility that security concerning the information to be concealed decreases.

DISCLOSURE OF THE INVENTION

The present invention is made in consideration of the above conventional problem, and an object thereof is to provide an improved information processing apparatus and an improved information processing method.

Another object of the present invention is to provide an information processing apparatus in which, in the state that information called secret information to be concealed is stored and held in a portable storage medium, the secret information is never read by a third person even when the portable storage medium is brought out from a predetermined area, and an information processing apparatus which is adopted to the information processing method.

One aspect of the present invention is to provide an information processing apparatus comprising:

an information reading unit adapted to read information from a portable storage medium;

an information writing unit adapted to write information into the portable storage medium, the information writing unit being adapted to write area information indicating whether or not the portable storage medium exists in a predetermined area;

a storage unit adapted to store the information read from the portable storage medium by the information reading unit and the information written into the portable storage medium by the information writing unit; and

a control unit adapted to control the information reading unit and the information writing unit,

wherein, when the area information read from the portable storage medium by the information reading unit indicates that the portable storage medium exists in the predetermined area, the control unit is adapted to preclude from reading predetermined information stored in the portable storage medium, and to control the information writing unit to write the area information indicating that the portable storage medium does not exist in the predetermined area.

Another aspect of the present invention is to provide an information processing method comprising:

an information reading step of reading information from a portable storage medium; and

an information writing step of writing information into the portable storage medium, the information writing step being adapted to write area information indicating whether or not the portable storage medium exists in a predetermined area,

wherein, when the area information read from the portable storage medium in the information reading step indicates that the portable storage medium exists in the predetermined area, the information writing step is adapted to preclude from reading predetermined information stored in the portable storage medium, and to write the area information indicating that the portable storage medium does not exist in the predetermined area.

Other features and advantages of the present invention will be apparent from the following description taken in conjunction with the accompanying drawings, in which like reference characters designate the same or similar parts throughout the figures thereof.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.

FIG. 1 is a diagram showing the schematic configuration of a security system according to the embodiment of the present invention;

FIG. 2 is a block diagram showing the schematic structure of an RFID tag applicable to the security system according to the embodiment of the present invention;

FIG. 3 is a block diagram showing the schematic structure of a reader/writer applicable to the security system according to the embodiment of the present invention;

FIG. 4 is a conceptual diagram showing the data structure in the nonvolatile memory provided in the RFID tag;

FIG. 5 is a flow chart showing the process of the security system in a case where the RFID tag is brought out from a security area;

FIG. 6 is a flow chart showing the process of the security system in a case where the RFID tag is brought into the security area;

FIG. 7 is a diagram showing an example of entry/exit information read from the nonvolatile memory; and

FIG. 8 is a block diagram showing the schematic structure of the security server.

BEST MODE FOR CARRYING OUT THE INVENTION

The present invention will now be described in detail with reference to the accompanying drawings showing the preferred embodiment thereof. In the drawings, the elements and the parts which are identical throughout the views are designated by identical reference numerals, and duplicate description thereof is omitted.

Hereinafter, the embodiment of the present invention will be explained in detail with reference to the accompanying drawings.

Initially, FIG. 1 is a diagram showing the schematic configuration of a security system according to the embodiment of the present invention. In the security system according to the embodiment, a security area (also called a secret area) 100 which is the room comparted from the surroundings with plural physical gates such as gates, doors and the like, a physical wall (not shown), and the like is assumed. Further, a security server 103, an MFP (or a multifunctional machine) 105, a document server 106, and a payment apparatus 108 are disposed in the security area 100, and a gate control unit 101 is disposed in each of the physical gates such as the gates, the doors and the like to control open and close operations of the gate. Incidentally, it is inhibited to enter into and exit from the security area 100 in the state that the gate is being closed, and it is permitted to enter into and exit from the security area 100 in the state that the gate is being opened.

Moreover, a reader/writer 109 is disposed in each of the plural gates so as to access a nonvolatile memory 201 (FIG. 2) provided in an RFID tag (i.e., a non-contact IC memory) 104. The reader/writers 190 of the respective gates are mutually connected through a first network 102, and the gate control unit 101 and the security server 103 are also connected to the first network 102.

As shown in FIG. 8, the security server 103 includes an I/F (interface) unit 801 for outputting and inputting information (data) to and from the reader/writer 109, a control unit 802 for wholly controlling the security server 103, and a storage unit 804 such as a hard disk or the like for storing later-described table data 804 and the like.

In the above network configuration, a user ID 401 (FIG. 4) stored in the nonvolatile memory 201 of the RFID tag 104 is read by the reader/writer 109, and the read user ID 401 is transferred to the security server 103. Thus, entrance and exit of users are administrated by the security server 103, and the gates are opened and closed through the gate control unit 101, whereby the security area 100 is formed as a whole.

In the embodiment, it is controlled by the gate control unit 101 to open and close the physical gate according to the administration of user entry/exit by the security server 103. However, to open and close the physical gate need not necessarily be controlled by the gate control unit 101.

Moreover, as later explained in detail, when the RFID tag 104 in which secret data (including job information, a command, etc.) is stored is brought out from the security area 100, the secret data in the RFID tag 104 is read by the reader/writer 109 and saved to the security server 103, and the secret data remaining in the RFID tag 104 is deleted concurrently, thereby preventing the secret data from leaking out to a third person outside the security area 100.

In addition, when the RFID tag 104 is again entered into the security area 100, the secret data saved in the security server 103 is again written into the RFID tag 104 through the reader/writer 109, whereby the written secret data can be freely used in the security area 100.

In the security area 100, a reader/writer 105 a is mounted on the MFP 105, and a reader/writer 108 a is mounted on the payment apparatus 108, whereby, as described later, the MFP 105 and the payment apparatus 108 can freely access the memory in the RFID tag 104 respectively through the reader/writer 105 a and the reader/writer 108 a.

Incidentally, it is desirable to physically separate the first network 102 from an external network (e.g., the Internet and the like) so as to improve secrecy. However, even if the first network 102 is not physically separated from the external network, it is possible to separate the first network 102 from the external network in information by means of a gateway or the like.

The MFP 105 is connected to the document server 106 through a second network 107 which is composed of a LAN, an SAN (storage area network) or the like. Here, it should be noted that the second network 107 need not necessarily be physically connected to the first network 102.

In case of using the RFID tag 104 in regard to the MFP 105, the RFID tag 104 is held above the reader/writer 105 a of the MFP 105, whereby facsimile transmission destination information, an electronic mail address, location information of document data stored in the document server 106, and the like which have been stored in the RFID tag 104 are downloaded to the MFP 105 in a non-contact manner, whereby it is possible to execute facsimile transmission, electronic mail transmission, document print output, and the like in response to the downloaded data. Moreover, in the state that the RFID tag 104 is brought close to the reader/writer 105 a of the MFP 105, it is possible in a non-contact manner through the reader/writer 105 a to transfer the facsimile transmission destination information, the electronic mail address, the location information of the document data stored in the document server 106, and the like from an operation unit (not shown) of the MFP 105 to the RFID tag 104, and it is then possible to store the transferred data in the nonvolatile memory 201 of the RFID tag 104.

For example, the payment apparatus 108 is located in a refectory, a messroom or the like. Therefore, in case of using the RFID tag 104 in regard to the payment apparatus 108, it is possible in the payment apparatus 108 to perform a payment process on the basis of a user ID or the like stored in the RFID tag 104. In this case, for example, when necessary and sufficient payment has been completed in the same manner as that applied to an ordinary prepaid card, it is possible in the payment apparatus 108 to perform the payment based on outstanding balance information stored in the RFID tag 104. Alternatively, when expense information for each user is accumulated and stored in a payment server (not shown) connected to the payment apparatus 108 in the security area 100, it is possible in the payment apparatus 108 to perform the payment for each user at intervals of, e.g., one month. By the way, when the content of each meal is stored in the payment server or the RFID tag 104, it is possible for the user to later refer to the stored history of the meals.

Here, it should be noted that the above use of the RFID tag 104 in regard to the MFP 105 and the above use of the RFID tag 104 in regard to the payment apparatus 108 are merely examples. That is, in addition to the above examples, the RFID tag 104 can be variously used. Moreover, it should be noted that the RFID tag 104 can be used by various electronic information apparatuses other than the MFP 105 and the payment apparatus 108 in the security area 100.

[RFID Tag]

FIG. 2 is a block diagram showing the schematic structure of the RFID tag 104. The RFID tag 104 which is also called a non-contact IC chip or a data carrier can communicate with the reader/writer by air (that is, in non-contact manner). In the embodiment, the RFID tag 104 is assumed as a card-type RFID tag which is the non-contact IC chip containing the following components.

That is, the nonvolatile memory 201, an antenna unit 202 for emitting and receiving radio waves, a resonant capacitor unit 203, a power generation unit 204 for rectifying and smoothing currents, a demodulation/modulation circuit 205 for demodulating and modulating the radio waves, and a control unit 206 are formed on the RFID tag (non-contact IC chip) 104. Incidentally, because the RFID tag 104 does not have any electrical power supply such as a battery or the like, necessary power is induced based on the radio waves supplied from the reader/writer.

More specifically, the combination of the antenna unit 202 and the resonant capacitor unit 203 constitutes a resonant circuit, and, as described later, the reader/writer always emits the radio wave (AC magnetic field) for generating electrical power. Therefore, when the RFID tag 104 is held above the reader/writer, an induction current is generated due to electromagnetic induction by the resonant circuit in the RFID tag 104. Then, the generated induction current is supplied to the power generation unit 204, whereby the power generation unit 204 rectifies and smoothes the supplied induction current and generates the electrical power of a predetermined voltage. Therefore, the generated electrical power is supplied to the nonvolatile memory 201, the control unit 206 and the demodulation/modulation circuit 205. Here, it should be noted that the control unit 206 wholly controls the RFID tag 104.

The reader/writer receives, in addition to the radio wave signal for generating the electrical power, radio wave signals concerning various data. The radio wave signals concerning various data are demodulated by the demodulation/modulation circuit 205, and the demodulated signals are written in the nonvolatile memory 201 under the control of the control unit 206. Moreover, the control unit 206 reads the data from the nonvolatile memory 201, the read data is modulated by the demodulation/modulation circuit 205, and the modulated data is transmitted as the radio wave signal through the antenna unit 202.

Incidentally, the control unit 206 includes a ROM (not shown) which stores application programs for performing the processes corresponding to steps S502 and S505 to S510 in a flow chart of FIG. 5 and steps S602 and S606 in a flow chart shown in FIG. 6. However, these application programs may be stored in the nonvolatile memory 201.

[Reader/Writer]

FIG. 3 is a block diagram showing the schematic structure of each of the reader/writers 109, 105 a and 108 a. More specifically, each of the reader/writers 109, 105 a and 108 a includes a transmission antenna unit 301 for transmitting radio wave signals, a modulation circuit 302 for modulating the signal input from an I/F unit 306 into the data signal transmitted from the transmission antenna unit 301, a reception antenna unit 303 for receiving radio wave signals, a demodulation circuit 304 for demodulating the radio wave signal received by the reception antenna unit 303 into the signal to be output from the I/F unit 306, the I/F unit 306 for communicating with superior equipment (i.e., the security server 103 in the embodiment), and a control unit 305. Here, in such a configuration, the control unit 305 controls the transmission antenna unit 301, the modulation circuit 302, the reception antenna unit 303, the demodulation circuit 304 and the I/F unit 306. Incidentally, an AC power supply 307 for generating the power necessary to generate the radio wave signals is connected to the transmission antenna unit 301.

In response to an instruction issued from the security server 103, the control unit 305 causes the modulation circuit 302 to modulate the radio wave to be used for supplying the electrical power and the data to be transmitted, and the control unit 305 then causes the transmission antenna unit 301 to generate the radio wave. Moreover, the control unit 305 causes the demodulation circuit 304 to demodulate the radio wave signal received through the reception antenna unit 303, whereby the control unit 305 is then able to convert the demodulated signal to be treated as the data signal. In other words, the control unit 305 can write the information (data) into the nonvolatile memory 201 of the RFID tag 104 which is present within the transmission range of the transmission antenna unit 301, by causing the transmission antenna unit 301 to generate the radio wave signal. Moreover, the control unit 305 can read the information (data) from the nonvolatile memory 201 of the RFID tag 104 which is present within the reception range of the reception antenna unit 303, by causing the demodulation circuit 304 to demodulate the radio wave signal received through the reception antenna unit 303.

Incidentally, the control unit 305 includes a ROM (not shown) which stores application programs for performing the processes corresponding to the steps S502 and S505 to S510 in the flow chart of FIG. 5 and the steps S602 and S606 in the flow chart shown in FIG. 6.

[Storage Data of RFID Tag]

FIG. 4 is a conceptual diagram showing the data structure in the nonvolatile memory 201 provided in the RFID tag 104.

The nonvolatile memory 201 provided in the RFID tag 104 stores the user ID 401 of the owner (i.e., the user) of the relevant RFID tag 104 and individual data 402 of this owner. As the user ID 401, inherent values (e.g., numerical values, symbols, etc.) are allocated to each of the RFID tags 104, whereby the user of the relevant RFID tag 104 can be authenticated based on the relevant user ID 401. That is, the user ID 401 stored in the nonvolatile memory 201 of the RFID tag 104 has been registered beforehand in the security server 103 before the security system according to the embodiment is actually used. Therefore, for example, when the user who has the RFID tag 104 passes the gate, the user ID 401 of this user is read from the relevant RFID tag 104 by the reader/writer 109, the read user ID 401 is checked based on the user ID registered in the security server 103, and it is thus judged whether or not to permit this user to pass the gate (this judgment is called authentication). Then, the entry and the exit of this user are recorded in the security server 103.

Incidentally, the number of individual data capable of being stored in the nonvolatile memory 201 is not of course limited to one. That is, plural individual data 402, 406, 407 and 408 may be stored in the single RFID tag 104, and each of the individual data 402, 406, 407 and 408 includes an individual data ID 403, a data body 404 (i.e., the body or substance of the actual individual data), and a secret flag 405.

The individual data ID 403 is the identification for discriminating each individual data 402 (i.e., the data body 404), and inherent values (e.g., numerical values, symbols, etc.) are allocated to each individual data 402, whereby the user of the relevant RFID tag 104 can be authenticated on the basis of the relevant user ID 401. Therefore, by combining the individual data ID 403 and the user ID 401 with each other, it is possible to transmit/receive the various data included in the data body 404 to/from the MFP 105 and the payment apparatus 108.

The data body 404 is the data being the substance of the individual data 402 which is actually read and written to be used in various processes. As described above, the facsimile transmission destination information, the electronic mail address, the location information of the document data stored in the document server 106, and the like are read and written as the data concerning the MFP 105. Incidentally, it is possible to add or overwrite the information input from the operation unit of the MFP 105.

Moreover, previously input money data, the history information of meals, and the like are read and written as the data concerning the payment apparatus 108. Here, it should be noted that the money data is the information which can be rewritten or updated only by a payment server (not shown) connected to the payment apparatus 108, and the history information of meals is the information which can be rewritten or updated by the payment apparatus 108.

The secret flag 405 is the information which is set with respect to each of the individual data 402, 406, 407 and 408, and represents whether or not the relevant individual data includes secret information. In the embodiment, it is defined that the individual data includes the secret information when the secret flag 405 is ON (1), while the individual data does not include the secret information when the secret flag 405 is OFF (0). Here, it should be noted that the secret flag 405 can be rewritten or updated only by the reader/writer 109 connected to the security server 103.

Incidentally, in the specification and the claims according to the present invention, with respect to the individual data of which the secret flag is ON, even if the whole of the individual data is not a secret matter but only a part thereof is a secret matter, the whole of the individual data is called the secret data.

[Exit Process]

Subsequently, the process to be performed when the person (user) exits from the security area 100 to the outside will be explained with reference to the flow chart shown in FIG. 5. Here, it should be noted that the process shown in FIG. 5 is performed by an information processing apparatus which is constituted by at least the security server 103 and the reader/writer 109.

First, in a step S501, it is judged by the control unit 305 of the reader/writer 109 whether or not it is possible to communicate with the RFID tag 104. Because the electrical power for the RFID tag 104 is induced based on the radio wave generated and transmitted from the reader/writer 109, the reader/writer 109 can communicate with the RFID tag 104 if the RFID tag 104 is brought close to the range in which the reader/writer 109 can perform the communication. Incidentally, it is set that the gate is not opened if a later-described predetermined authentication process is not performed by bringing the RFID tag 104 close to the reader/writer 109. Therefore, when the user wishes to exit from the security area 100, it is necessary for the user to bring the RFID tag 104 close to the reader/writer 109.

Then, in the step S502, the control unit 305 of the reader/writer 109 cooperates with the control unit 206 of the RFID tag 104 to read the user ID 401 from the nonvolatile memory 201 of the RFID tag 104 and transmit the read user ID 401 to the security server 103.

In a step S503, it is judged by the security server 103 whether or not the user ID 401 received from the reader/writer 109 has been already registered in the security server 103 and the entry/exit situation of the user corresponding to the received user ID 401 is “entry”. That is, by doing so, it is resultingly judged whether or not to authenticate “exit” of this user. More specifically, when the user ID input through the control unit 305 of the reader/writer 109 matches with the user ID included in the table data 804 stored in the security server 103 and the entry/exit situation associated with the input user ID is set to “entry”, the control unit 802 of the security server 103 authenticates “exit” of this user and also transmits authentication information to the reader/writer 109 through the I/F unit 801. Then, the flow advances to the step S505 when the security server authenticates “exit” of the user, while the flow advances to a step S504 when the security server does not authenticate “exit” of the user.

Here, it is assumed that the user ID of the user concerning the RFID tag 104 has been previously stored in a part of the storage area of the nonvolatile memory 201 of the RFID tag 104, as the information for identifying the relevant RFID tag 104. Further, it is assumed that the table data 804 for administrating the user ID's has been stored in the security server 103 (for example, the contents shown in FIG. 7 have been stored), and the entry/exit situation of the user (that is, the RFID tag 104 specified by the user ID) and the later-described secret information have been stored as the table data 804 in association with the user ID for specifying the RFID tag 104. Furthermore, it is assumed that the table data including the secret information and the like has been stored in the storage unit 803 such as a hard disk or the like in the security server 103.

Then, when the received user ID 401 is not registered in the security server 103, or when the entry/exit situation of the user associated with the input user ID 401 is set to “exit” even if the received user ID 401 has been registered in the security server 103 (that is, this case indicates that the user falsely entered into the security area 100 in the past), the security server 103 does not authenticate “exit” of this user and performs a predetermined warning process in the step S504. For example, a warning message may be displayed on a display (not shown) disposed at the gate, a warning sound may be generated by a speaker (not shown) disposed at the gate, or the gate may be temporarily closed and locked by the gate control unit 101.

On the other hand, in the step S505, when the input user ID 401 has been registered in the security server 103 and the entry/exit situation of the user associated with the input user ID is set to “entry”, the security server 103 authenticates “exit” of this user, changes the entry/exit situation of the user associated with the input user ID 401 to “exit”, and notifies the reader/writer 109 of the information indicating that “exit” of this user is authenticated. Incidentally, when the information indicating that “exit” of this user is authenticated is received from the security server 103, the control unit 305 of the reader/writer 109 controls the modulation circuit 302 to write the information indicating that the user exited in the nonvolatile memory 201 of the RFID tag 104. Here, it should be noted that the information indicating that the user exited is the information indicating that the RFID tag 104 is in “exit” state (that is, the state that the RFID tag 104 does not exist in the security area 100).

In the embodiment, the storage unit 803 of the security server 103 stores only the latest entry/exit situation in order to reduce the storage capacity of the storage unit 803 to be used for the table data 804. However, it is possible to set that the storage unit 803 stores the whole past entry/exit situation or the plural entry/exit situations (i.e., history).

In the step S506, when the information indicating that “exit” of therelevant user is authenticated is received from the security server 103,the control unit 305 of the reader/writer 109 cooperates with thecontrol unit 206 of the RFID tag 104 to read the individual data ID 403of the one individual data 402 and the secret flag 405 from thenonvolatile memory 201 of the RFID tag 104 and then transmit the readdata to the security server 103.

Then, in the step S507, it is judged by the control unit 802 of thesecurity server 103 whether or not the secret flag 405 corresponding tothe individual data 402 is ON.

In the step S508, when judged that the secret flag 405 is ON, thecontrol unit 802 of the security server 103 causes the control unit 305of the reader/writer 109 and the control unit 206 of the RFID tag 104 tocooperate with each other to read the corresponding individual data 402(i.e., the data body 404) from the nonvolatile memory 201 of the RFIDtag 104 and then transmit the read individual data 402 to the securityserver 103. Here, the control unit 802 of the security server 103 whichreceived the individual data 402 from the nonvolatile memory 201 of theRFID tag 104 stores (saves), in association with the user IDauthenticated in the step S503, the received individual data 402 as thetable data 804 in the storage unit 803.

In the step S509, the control unit 305 of the reader/writer 109 deletes,from the nonvolatile memory 201, the individual data 402 saved in thestorage unit 803 of the security server 103, and the flow then advancesto the step S510.

Meanwhile, when judged by the control unit 802 in the step S507 that thesecret flag 405 is OFF, the control unit 802 of the security server 103and the control unit 305 of the reader/writer 109 skip the savingprocess of the step S508 and the deletion process of the step S509, andthe flow directly advances to the step S510.

In the step S510, the control unit 305 of the reader/writer 109cooperates with the control unit 206 of the RFID tag 104 to refer to thenonvolatile memory 201 of the RFID tag 104 to judge whether or not thenext individual data of which the secret flag is not checked exists. Asthe result of this, when the next individual data of which the secretflag is not checked exists, the flow returns to the step S506. Thus, thecontrol unit 305 of the reader/writer 109 performs the same process tothe next individual data.

Meanwhile, the process of checking the secret flag for all theindividual data 402 and 406 to 408 ends (that is, NO in the step S510),the flow advances to a step S511. In the step S511, for example, thecontrol unit 305 of the reader/writer 109 performs an entry process ofcausing the gate control unit 101 to open the gate, and the processends.

As explained above, when the entry/exit information read from the RFIDtag 104 by the demodulation circuit 304 indicates “entry” and the secretflag 405 of the individual data 402 stored in the RFID tag 104 is ON,the control unit 305 of the reader/writer 109 saves or deletes theindividual data 402 so that the individual data 402 stored in the RFIDtag 104 cannot be read. Moreover, the control unit 305 of thereader/writer 109 controls the modulation circuit 302 so as to write theinformation indicating “exit” into the RFID tag 104.

The control unit 802 of the security server 103 judges in the step S507 whether or not the secret flag has been set with respect to each of the plural individual data 402, 406, 407 and 408 stored in the nonvolatile memory 201 of the RFID tag 104. Thus, it is possible to surely delete the data to be concealed from among the plural individual data, and it is also possible to leave the data which should not be concealed being stored in the nonvolatile memory 201.

[Entry Process]

Subsequently, the process to be performed when the person (user) who has the RFID tag 104 enters from the outside into the security area 100 will be explained with reference to the flow chart shown in FIG. 6. Here, it should be noted that the process shown in FIG. 6 is performed by the information processing apparatus which is constituted by at least the security server 103 and the reader/writer 109.

First, in a step S601, it is judged by the control unit 305 of the reader/writer 109 whether or not it is possible to communicate with the RFID tag 104. Because the electrical power for the RFID tag 104 is induced based on the radio wave generated and transmitted from the reader/writer 109, the reader/writer 109 can communicate with the RFID tag 104 if the RFID tag 104 is brought close to the range in which the reader/writer 109 can perform the communication. Incidentally, it is set that the gate is not opened if the later-described predetermined authentication process is not performed by bringing the RFID tag 104 close to the reader/writer 109. Therefore, when the user wishes to enter into the security area 100, it is necessary for the user to bring the RFID tag 104 close to the reader/writer 109.

Then, in the step S602, the control unit 305 of the reader/writer 109 cooperates with the control unit 206 of the RFID tag 104 to read the user ID 401 from the nonvolatile memory 201 of the RFID tag 104 and transmit the read user ID 401 to the security server 103.

In a step S603, it is judged by the security server 103 whether or not the user ID 401 received from the reader/writer 109 has been already registered in the security server 103 and the entry/exit situation of the user corresponding to the received user ID 401 is “exit”. That is, by doing so, it is resultingly judged whether or not to authenticate “entry” of this user. More specifically, when the user ID input through the control unit 305 of the reader/writer 109 matches with the user ID included in the table data 804 stored in the security server 103 and the entry/exit situation associated with the input user ID is set to “exit”, the control unit 802 of the security server 103 authenticates “entry” of this user and also transmits authentication information to the reader/writer 109 through the I/F unit 801. Then, the flow advances to a step S605 when the security server 103 authenticates “entry” of the user, while the flow advances to a step S604 when the security server 103 does not authenticate “entry” of the user.

Then, when the received user ID 401 is not registered in the security server 103, or when the entry/exit situation of the user associated with the input user ID 401 is set to “entry” even if the received user ID 401 has been registered in the security server 103 (that is, this case indicates that the user falsely exited from the security area 100 in the past), the security server 103 does not authenticate “entry” of this user and performs a predetermined warning process in the step S604. For example, a warning message may be displayed on the display disposed at the gate, a warning sound may be generated by the speaker disposed at the gate, or the gate may be temporarily closed and locked by the gate control unit 101.

On the other hand, in the step S605, when the received input user ID 401 has been registered in the security server 103 and the entry/exit situation of the user associated with the input user ID is set to “exit”, the security server 103 authenticates “entry” of this user, changes the entry/exit situation of the user associated with the input user ID 401 to “entry”, and notifies the reader/writer 109 of the information indicating that “entry” of this user is authenticated. Incidentally, when the information indicating that “entry” of this user is authenticated is received from the security server 103, the control unit 305 of the reader/writer 109 controls the modulation circuit 302 to write the information indicating that the user entered in the nonvolatile memory 201 of the RFID tag 104. Here, it should be noted that the information indicating that the user entered is the information indicating that the RFID tag 104 is in “entry” state (that is, the state that the RFID tag 104 exists in the security area 100).

In the step S606, when the information indicating that the entry of the user corresponding to the user ID 401 has been authenticated is received from the security server 103, the control unit 305 of the reader/writer 109 inquires of the security server 103 as to the saved individual data 402 corresponding to the user ID 401 and then causes the security server 103 to transmit the individual data 402 to the reader/writer 109. Then, the control unit 305 of the reader/writer 109 cooperates with the control unit 206 of the RFID tag 104 to write and return the user ID 401 to the nonvolatile memory 201 of the RFID tag 104. For example, as shown in FIG. 7, when the user ID 401 is “13114039” on the table data 804 and the entry/exit information read from nonvolatile memory 201 in the step S603 indicates “exit”, the control unit 802 of the security server 103 transmits information “aaa.txt” to the reader/writer 109 so that the information “aaa.txt” saved in the storage unit 803 as the secret data when the user exits is written and returned to the nonvolatile memory 201 of the RFID tag 104. When the information “aaa.txt” is received from the security server 103, the control unit 306 of the reader/writer 109 controls the modulation circuit 302 to write the information “aaa.txt” into the nonvolatile memory 104 of the RFID tag 104.

In a step S607, the control unit 305 of the reader/writer 109 inquires of the security server 103 as to whether or not the other saved individual data (i.e., the individual data 406, 407 and 408 shown in FIG. 4) corresponding to the user ID 401 exist. When the other saved individual data (i.e., the individual data 406, 407 and 408 shown in FIG. 4) exist, the flow returns to the step S606 to write and return the relevant other individual data to the nonvolatile memory 201 of the RFID tag 104.

Incidentally, in order to effectively use the storage area of the storage unit 803 in the security server 103, the control unit 802 of the security server 103 deletes, from the storage unit 803, the individual data written and returned to the nonvolatile memory 201. Moreover, as described above, the control unit 802 of the security server 103 transmits the saved individual data 402 to the reader/writer 109 in response to the inquiry or the like from the control unit 305 of the reader/writer 109. However, the control unit 802 of the security server 103 may actively search the saved individual data 402 on the basis of the user ID 401 received from the reader/writer 109 in the step S602, and transmit the searched individual data to the reader/writer 109.

Meanwhile, when the other saved individual data does not exist, for example, the control unit 305 of the reader/writer 109 performs an entry process of causing the gate control unit 101 to open the gate (step S608), and the process ends.

As just described, according to the embodiment, when the RFID tag 104 is brought out from the security area 100, the secret data on the RFID tag 104 is read therefrom and saved in the security server 103, and the saved security data remaining on the RFID tag 104 is deleted. Meanwhile, when the RFID tag 104 is brought into the security area 100, the saved secret data is written and returned to the RFID tag 104. Therefore, it is possible to prevent the secret data from leaking outside the security area 100 and being misused by a malicious third party. Moreover, because the saving, the deleting and the writing-returning of the secret data are automatically performed when the RFID tag 104 is held above the reader/writer 109, the load for the user does not increase.

Moreover, because a battery need not be provided in the RFID tag 104, the RFID tag 104 can be made compact in size, and also the security system can be structured at low cost. Furthermore, because the secret data is not restored if there is no user authentication, even if a user illicitly enters into the security area 100 without any user authentication, he cannot use the secret data, whereby the security function further improves.
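The exit and entry flows of the embodiment (steps S506 to S511 and S601 to S608), modelled in Python. This is an added example, not code from the patent; the class and method names, the initial “exit” state of registered users, the exit-side check mirroring step S603, and the `memo.txt` record are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Record:
    """One 'individual data' entry in the tag's nonvolatile memory."""
    name: str
    body: bytes
    secret: bool  # secret flag (405 in the text)


@dataclass
class Tag:
    """RFID tag 104: user ID, area information and individual data."""
    user_id: str
    area: str  # "entry" = inside the security area, "exit" = outside
    records: list = field(default_factory=list)


class SecurityServer:
    """Security server 103 holding per-user state (the 'table data')."""

    def __init__(self, registered_ids):
        # Assumption: every registered user starts outside the area.
        self.state = {uid: "exit" for uid in registered_ids}
        self.saved = {uid: [] for uid in registered_ids}
        self.warnings = []  # stands in for the S604 warning process

    def _authenticate(self, uid, required_state):
        # S603: the ID must be registered AND the recorded state must be
        # the opposite of the requested transition.
        if self.state.get(uid) != required_state:
            self.warnings.append((uid, required_state))
            return False
        return True

    def exit_gate(self, tag):
        # Assumption: the exit-side check mirrors S603 with state "entry".
        if not self._authenticate(tag.user_id, "entry"):
            return False
        kept = []
        for rec in tag.records:                      # S506..S510 loop
            if rec.secret:                           # S507
                self.saved[tag.user_id].append(rec)  # S508: save first
            else:
                kept.append(rec)
        tag.records = kept                           # S509: then delete
        self.state[tag.user_id] = tag.area = "exit"
        return True                                  # S511: open the gate

    def enter_gate(self, tag):
        if not self._authenticate(tag.user_id, "exit"):  # S603 / S604
            return False
        self.state[tag.user_id] = tag.area = "entry"     # S605
        saved = self.saved[tag.user_id]
        while saved:                                     # S606..S607 loop
            tag.records.append(saved.pop(0))  # server copy removed on return
        return True                                      # S608: open the gate


def names(records):
    return [r.name for r in records]


if __name__ == "__main__":
    # Constructed sample: user ID and "aaa.txt" follow the FIG. 7 example,
    # "memo.txt" and both bodies are made up.
    server = SecurityServer({"13114039"})
    tag = Tag("13114039", "exit", [Record("aaa.txt", b"secret", True),
                                   Record("memo.txt", b"public", False)])
    server.enter_gate(tag)
    server.exit_gate(tag)
    print("outside the area, tag holds:", names(tag.records))
    server.enter_gate(tag)
    print("inside the area, tag holds:", names(tag.records))
    print("second entry without exit:", server.enter_gate(tag))
```

In this model the server's own record of the user's state, not the writable area field on the tag, decides authentication, so a second entry without a recorded exit is rejected and logged as in step S604.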

Modification of Embodiment

Even if the saving, the deleting and the writing-returning of the secret data stored in the RFID tag 104 are not performed in the manner as described above, leakage of the secret data can be prevented in the following manner.

That is, a readable flag associated with the individual data 402 is first stored in the nonvolatile memory 201 of the RFID tag 104. Then, the readable flag associated with the secret data is set to an unreadable state when the RFID tag 104 is brought out from the security area 100, and the readable flag associated with the secret data is set to a readable state when the RFID tag 104 is brought into the security area 100. Thus, it is possible to prevent a leakage of the secret data outside the security area 100, and it is possible to freely use the secret data within the security area 100.

In this case, it is necessary that the flag value of the readable flag can be changed by, e.g., the reader/writer 109 only when the user of the RFID tag 104 has been authenticated by the security server 103. Moreover, in the RFID tag 104, it is necessary to provide a control mechanism in the control unit 206 or a memory controller (not shown) to preclude reading of the individual data (secret data) of which the readable flag is set to the unreadable state, so that the secret data cannot be read by a commercially available reader/writer or the like for the RFID tag.

In the above embodiment, because it is necessary to perform the saving, the deleting or the writing-returning of the secret data, it is thought that a time necessary for the entry/exit administration is prolonged. On the other hand, in the modification of the embodiment, because the secret data is not directly processed, it is possible to shorten the time necessary for the entry/exit administration. However, because the secret data is brought out from the security area 100 as a matter of form, some uneasiness remains in the point of security in the modification. For these reasons, whether to select the embodiment or the modification only has to be decided based on whether to attach importance to the security or the time necessary for the entry/exit administration.

Incidentally, if an accessible flag instead of the above readable flag is defined as the component of the individual data 402, it is possible to prevent the secret data from being damaged by, e.g., overwriting of another data.

Moreover, even when the RFID tag is not used for the entry/exit administration, the present invention is applicable also to a case where the RFID tag is used only to record the data used by various devices. In this case, as the means for detecting that the RFID tag is brought out from and brought into the secret area, it is unnecessary to use a specific reader/writer for the RFID tag. For example, in a case where the RFID tag is used as a medium for paying necessary play fees in a game hall such as a pachinko hall, a computer game amusement center or the like, a magnetic field (i.e., the secret area) is formed by a predetermined device in the game hall, and a device for detecting the magnetic field is mounted on the RFID tag. Thus, it is possible by such a detection device to detect that the RFID tag is brought out from and brought into the secret area.

Incidentally, in the case where the RFID tag is used as the medium for paying necessary play fees in the game hall, the secret data leakage prevention process according to the above embodiment or the above modification is used to prevent the prepaid information stored in the RFID tag from being used in another operator's game hall.

Further, it is possible to provide a battery in the RFID tag. In this case, it is possible to cause the control unit of the RFID tag not to cooperate with the control unit of the reader/writer but to independently perform the secret data leakage prevention process according to the above embodiment or the above modification.

Furthermore, as the secret data leakage prevention process, it is possible to adopt a process of encrypting the secret data in the RFID tag when the RFID tag in question is brought out from the secret area, and decrypting the encrypted secret data in the RFID tag when the RFID tag in question is brought into the secret area (here, also performing user authentication if necessary).

Moreover, in the communication method adopted for the RFID tag, the radio waves, the electromagnetic waves and the like need not necessarily be used. That is, for example, a communication method using a light such as an infrared light and the like may be adopted. Besides, the shape of the RFID tag is not limited to a card type, that is, a label-type RFID tag, a coin-type RFID tag, a box-type RFID tag, a stick-type RFID tag and the like may be used.

Moreover, it is needless to say that the object of the present invention is achieved in a case where the program codes of software for achieving the functions of the above embodiment and modification are wirelessly downloaded in non-contact manner to the RFID tag and the reader/writer and the downloaded program codes are thus executed by the control units of the RFID tag and the reader/writer.

In this case, the program codes themselves achieve the functions of the above embodiment and modification, whereby the storage medium which stores these program codes constitutes the present invention. Moreover, it is needless to say that the present invention includes not only the case where the functions of the above embodiment and modification are achieved when the above program codes are executed, but also a case where the functions of the above embodiment and modification are achieved when operating systems (OS) or the like operating on the RFID tag and the reader/writer perform a part or all of the actual processes in response to instructions of the program codes.

As many apparently widely different embodiments of the present invention can be made without departing from the spirit and scope thereof, it is to be understood that the invention is not limited to the specific embodiments thereof except as defined in the appended claims.

This application claims priority from Japanese Patent Application No. 2003-392377 filed Nov. 21, 2003, which is hereby incorporated by reference herein.

1. An information processing apparatus comprising: an information reading unit adapted to read information from a portable storage medium; an information writing unit adapted to write information into the portable storage medium, said information writing unit being adapted to write area information indicating whether or not the portable storage medium exists in a predetermined area; a storage unit adapted to store the information read from the portable storage medium by said information reading unit and the information written into the portable storage medium by said information writing unit; and a control unit adapted to control said information reading unit and said information writing unit, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium exists in the predetermined area, said control unit is adapted to preclude from reading predetermined information stored in the portable storage medium, and to control said information writing unit to write the area information indicating that the portable storage medium does not exist in the predetermined area.
2. An information processing apparatus according to claim 1, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium exists in the predetermined area, said control unit is adapted to control said information reading unit to read the predetermined information from the portable storage medium and store the read predetermined information in said storage unit.
3. An information processing apparatus according to claim 2, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium exists in the predetermined area, said control unit is adapted to control said information writing unit to delete the predetermined information stored in the portable storage medium.
4. An information processing apparatus according to claim 1, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium exists in the predetermined area, said control unit is adapted to control said information writing unit to write reading-preclusive information for precluding from reading the predetermined information from the portable storage medium into the portable storage medium.
5. An information processing apparatus according to claim 1, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium does not exist in the predetermined area, said control unit is adapted to control said information writing unit to be able to read the predetermined information from the portable storage medium.
6. An information processing apparatus according to claim 3, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium exists in the predetermined area, said control unit is adapted to control said information writing unit to write the predetermined information stored in the portable storage medium into the portable storage medium.
7. An information processing apparatus according to claim 1, further comprising: an administration unit adapted to administrate specific information, stored in the portable storage medium, for specifying the portable storage medium; a judgment unit adapted to judge whether or not the specific information read from the portable storage medium by said information reading unit matches with the specific information administrated by said administration unit, wherein, when it is judged by said judgment unit that the specific information read from the portable storage medium matches with the specific information administrated by said administration unit, said control unit is adapted to preclude from reading the predetermined information stored in the portable storage medium.
8. An information processing apparatus according to claim 7, further comprising a warning unit adapted to give warning when it is judged by said judgment unit that the specific information read from the portable storage medium does not match with the specific information administrated by said administration unit.
9. An information processing apparatus according to claim 7, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium does not exist in the predetermined area and it is further judged by said judgment unit that the specific information read from the portable storage medium matches with the specific information administrated by said administration unit, said control unit is adapted to control said information writing unit to be able to read the predetermined information from the portable storage medium.
10. An information processing apparatus according to claim 7, wherein, when the area information read from the portable storage medium by said information reading unit indicates that the portable storage medium exists in the predetermined area, said control unit is adapted to preclude from reading the predetermined information stored in the portable storage medium and designated to be secret, and to control said information writing unit to write the area information indicating that the portable storage medium does not exist in the predetermined area.
11. An information processing apparatus according to claim 1, wherein the portable storage medium is a storage medium to which communication is possible in non-contact manner, said information reading unit is adapted to write the information into the portable storage medium in non-contact manner, and said information writing unit is adapted to read the information from the portable storage medium in non-contact manner.
12. An information processing method comprising: an information reading step of reading information from a portable storage medium; and an information writing step of writing information into the portable storage medium, said information writing step being adapted to write area information indicating whether or not the portable storage medium exists in a predetermined area, wherein, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium exists in the predetermined area, said information writing step is adapted to preclude from reading predetermined information stored in the portable storage medium, and to write the area information indicating that the portable storage medium does not exist in the predetermined area.
13. An information processing method according to claim 12, further comprising a storage step of, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium exists in the predetermined area, reading the predetermined information from the portable storage medium and storing the read predetermined information in another storage medium different from the portable storage medium.
14. An information processing method according to claim 13, wherein, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium exists in the predetermined area, said information writing step is adapted to delete the predetermined information stored in the portable storage medium.
15. An information processing method according to claim 12, wherein, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium exists in the predetermined area, said information writing step is adapted to write reading-preclusive information for precluding from reading the predetermined information from the portable storage medium into the portable storage medium.
16. An information processing method according to claim 12, wherein, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium does not exist in the predetermined area, said information writing step is adapted to be able to read the predetermined information from the portable storage medium.
17. An information processing method according to claim 14, wherein, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium exists in the predetermined area, said information writing step is adapted to write the predetermined information stored in the portable storage medium into the portable storage medium.
18. An information processing method according to claim 12, further comprising a judgment step of judging whether or not specific information read from the portable storage medium in said information reading step matches with specific information administrated in another storage medium, wherein, when it is judged in said judgment step that the specific information read from the portable storage medium matches with the specific information administrated in the another storage medium, said information writing step is adapted to preclude from reading the predetermined information stored in the portable storage medium.
19. An information processing method according to claim 18, further comprising a warning step of giving warning when it is judged in said judgment step that the specific information read from the portable storage medium does not match with the specific information administrated in the another storage medium.
20. An information processing method according to claim 18, wherein, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium does not exist in the predetermined area and it is further judged in said judgment step that the specific information read from the portable storage medium matches with the specific information administrated in the another storage medium, said information writing step is adapted to be able to read the predetermined information from the portable storage medium.
21. An information processing method according to claim 18, wherein, when the area information read from the portable storage medium in said information reading step indicates that the portable storage medium exists in the predetermined area, said information writing step is adapted to preclude from reading the predetermined information stored in the portable storage medium and designated to be secret, and to write the area information indicating that the portable storage medium does not exist in the predetermined area.
22. An information processing method according to claim 12, wherein the portable storage medium is a storage medium to which communication is possible in non-contact manner, said information reading step is adapted to write the information into the portable storage medium in non-contact manner, and said information writing step is adapted to read the information from the portable storage medium in non-contact manner.